Create a synthetic monitor status rule
Within the Synthetics UI, create a Monitor Status rule to receive notifications based on errors and outages.
- To access this page, go to Synthetics → Overview.
- At the top of the page, click Alerts and rules → Monitor status rule → Create status rule.
Filters
The Filter by section controls the scope of the rule.
The rule will only check monitors that match the filters defined in this section.
In this example, the rule will only alert on `browser` monitors located in `Asia/Pacific - Japan`.

Conditions
Conditions for each rule will be applied to all monitors that match the filters in the Filter by section. You can choose the number of times the monitor has to be down relative to either a number of checks run or a time range in which checks were run, and the minimum number of locations the monitor must be down in.
Retests are included in the number of checks.
The Rule schedule defines how often to evaluate the condition. Note that checks are queued, and they run as close to the defined value as capacity allows. For example, if a check is scheduled to run every 2 minutes, but the check takes longer than 2 minutes to run, a check will not run until the previous check has finished.
You can also set Advanced options such as the number of consecutive runs that must meet the rule conditions before an alert occurs.
In this example, the conditions will be met any time a `browser` monitor is down `3` of the last `5` times the monitor ran across any locations that match the filter. These conditions will be evaluated every minute, and you will only receive an alert when the conditions are met three times consecutively.
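
The interaction between the check window and the consecutive-runs option is easier to see in a small simulation. This is an added example, not Elastic's implementation: the class, function and location names are hypothetical, and it assumes the rule re-evaluates the same window when no new check has finished.

```python
from collections import deque

class StatusRuleModel:
    """Toy model of the example condition; all names here are hypothetical."""

    def __init__(self, down_threshold=3, window=5, min_locations=1, consecutive=3):
        self.down_threshold = down_threshold
        self.min_locations = min_locations
        self.consecutive = consecutive
        self.checks = deque(maxlen=window)  # last N checks, retests included
        self.streak = 0                     # evaluations in a row that met the condition

    def record_check(self, location, is_down):
        self.checks.append((location, is_down))

    def condition_met(self):
        down_locations = [loc for loc, is_down in self.checks if is_down]
        return (len(down_locations) >= self.down_threshold
                and len(set(down_locations)) >= self.min_locations)

    def evaluate(self):
        """One rule-schedule tick: True when an alert would be active."""
        self.streak = self.streak + 1 if self.condition_met() else 0
        return self.streak >= self.consecutive


def simulate(timeline, **rule_kwargs):
    """timeline: one list of (location, is_down) results per evaluation tick."""
    rule = StatusRuleModel(**rule_kwargs)
    alerts = []
    for finished_checks in timeline:
        for location, is_down in finished_checks:
            rule.record_check(location, is_down)
        alerts.append(rule.evaluate())
    return alerts


# Constructed sample: one browser monitor, one location, rule evaluated every minute.
TIMELINE = [
    [("japan", True)],
    [("japan", True)],
    [("japan", True)],   # 3 of the last 5 checks are down: condition met (1st time)
    [],                  # assumption: no check finished, window unchanged (2nd time)
    [("japan", False)],  # still 3 down in the window (3rd consecutive): alert
    [("japan", False)],  # window is D,D,D,U,U: still met
    [("japan", False)],  # window is D,D,U,U,U: only 2 down, streak resets
]

if __name__ == "__main__":
    for minute, alert in enumerate(simulate(TIMELINE), start=1):
        print(f"minute {minute}: alert={alert}")
```

The first alert appears two evaluations after the condition is first met, and the monitor's first successful check does not clear it because three of the last five checks are still down.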

Action types
Extend your rules by connecting them to actions that use the following supported built-in integrations.
Some connector types are paid commercial features, while others are free. For a comparison of the Elastic subscription levels, go to the subscription page.
After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. For example, send email notifications that summarize the new, ongoing, and recovered alerts each hour:

Alternatively, you can set the action frequency such that you choose how often the action runs (for example, at each check interval, only when the alert status changes, or at a custom action interval). In this case, you must also select the specific threshold condition that affects when actions run: the Synthetics monitor status changes or when it is Recovered (went from down to up).

You can also further refine the conditions under which actions run by specifying that actions only run when they match a KQL query or when an alert occurs within a specific time frame:
- If alert matches query: Enter a KQL query that defines field-value pairs or query conditions that must be met for notifications to send. The query only searches alert documents in the indices specified for the rule.
- If alert is generated during timeframe: Set timeframe details. Notifications are only sent if alerts are generated within the timeframe you define.

Action variables
Use the default notification message or customize it. You can add more context to the message by clicking the icon above the message text box and selecting from a list of available variables.

The following variables are specific to this rule type. You can also specify variables common to all rules.
- `context.checkedAt`: Timestamp of the monitor run.
- `context.hostName`: Hostname of the location from which the check is performed.
- `context.lastErrorMessage`: Monitor last error message.
- `context.locationId`: Location id from which the check is performed.
- `context.locationName`: Location name from which the check is performed.
- `context.locationNames`: Location names from which the checks are performed.
- `context.message`: A generated message summarizing the status of monitors currently down.
- `context.monitorId`: ID of the monitor.
- `context.monitorName`: Name of the monitor.
- `context.monitorTags`: Tags associated with the monitor.
- `context.monitorType`: Type (for example, HTTP/TCP) of the monitor.
- `context.monitorUrl`: URL of the monitor.
- `context.reason`: A concise description of the reason for the alert.
- `context.recoveryReason`: A concise description of the reason for the recovery.
- `context.status`: Monitor status (for example, "down").
- `context.viewInAppUrl`: Open alert details and context in Synthetics app.